The open source model includes the concept of concurrent yet different agendas and differing approaches in production, in contrast with more centralized models of development such as those typically used in commercial software companies. A main principle and practice of open source software development is peer production by bartering and collaboration, with the end-product, source-material, "blueprints" and documentation available at no cost to the public.

Mission

Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks

Rough consensus

A majority of OWASP voting members elect and follow its leaders, who keep OWASP on track and on mission.

Ethics

* Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
* Promote the implementation of and promote compliance with standards, procedures, controls for application security;
* Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
* Discharge professional responsibilities with diligence and honesty;
* To communicate openly and honestly;
* Refrain from any activities which might constitute a conflict of interest or otherwise damage the reputation of employers, the information security profession, or the Association;
* To maintain and affirm our objectivity and independence;
* To reject inappropriate pressure from industry or others;
* Not intentionally injure or impugn the professional reputation or practice of colleagues, clients, or employers;
* Treat everyone with respect and dignity; and
* To avoid relationships that impair — or may appear to impair — OWASP's objectivity and independence.

Global

A global community of technical peers without prejudice to nation.

12/2/2010 22:02:41

Matt Tesauro

Visibility

Public in our actions and our work. Allowing for maximum transparency into our work and projects. Also, influencing open and transparent actions by all the players in the software market.

For our projects, allowing anyone zero-cost use, access to the source code, ability to redistribute and make derivative works.

Community

A group of individuals working together to achieve a common goal where rough consensus determines the actions of the group.

Expertise

Having the best, brightest and most passionate individuals working in concert to produce solutions to application security problems. Being the common body of knowledge for application security.

12/5/2010 3:28:51

Seba

Openness

All the products created within OWASP must be openly available for use by everybody, without limitation. All the OWASP community activities should be open for people to join and understand what OWASP is about.

Independent

OWASP as an organisation must always aim to reach its goals while staying vendor- and politically neutral.

Non-profit

OWASP does need an income to support the projects and organisation, but it should never be used for personal or organisational monetary gain.

Respect

Everybody's opinion and beliefs must be respected within the OWASP community. This allows for open and honest discussions on OWASP projects and activities.

Fun

People are donating their precious time to OWASP in their free time. OWASP should never become a 'job', but must be a fun and engaging community to participate in.

12/6/2010 11:05:20

Dinis Cruz

Open, Independent, Respectful and Focused

TBC

Make Application Security InVisible to developers and Visible to buyers

TBC

Enable the creation of Safe Applications

TBC

Connect the community and enable Serendipity, in order to accelerate the speed of change

TBC

Transform Security Knowledge into Business Intelligence

TBC

12/6/2010 12:20:19

Jeff Williams

Freedom and Openness

Everything at OWASP has to be free and open to everyone. The security industry has failed to make information about security open for too long. This has led to some profitable consulting companies, but is not good for the world. We need an accurate, well-organized, useful body of knowledge that is free and open for everyone.

Belief in the Ecosystem

A guiding philosophy is that security is not a product, is not a process, and cannot be forced, but is an artifact of a properly functioning ecosystem. In the past we have focused on the major market failure in software… visibility. But OWASP is here to help inspire, support, and grow both the “builder” and “breaker” sides of our ecosystem. This includes a belief in balancing implementation, verification, and management activities – instead of just focusing on attempts to “hack ourselves secure.”

Making Informed Decisions about Risk

We promote the idea that organizations can and should take risks with information technology. Rather than fight risk taking, we intend to help people and organizations make informed decisions about the risks that they choose to take.

Effortocracy

At OWASP, anyone can take on any project that is reasonably aligned with our overall goals. We are not a top-down bureaucracy. In fact, some have described OWASP as upside-down – meaning that the people who do the most work and produce the most value are promoted within the organization. We loosely follow David Clark’s idea: “We reject: kings, presidents and voting. We believe in: rough consensus and running code.”

Security Enables Innovation

We believe that security is critical to our ability to innovate in information technology, and reject the idea that security is opposed to usability, performance, or progress.

Embrace Responsible Commercial Activities

This is a tricky one. OWASP supports commercial activities consistent with our goals. And it simultaneously rejects attempts by commercial organizations to mislead, scare, or overclaim.

Civility

We will not abide abuse of our community.

12/6/2010 13:17:20

Dave Wichers

Free and Open

Everything OWASP does should be free and open. There are some caveats to this but certainly everything we put up on our website(s) should be free. The only thing we charge for is membership (which is voluntary) and for attending our conferences and our conference training (which is also voluntary).

Free from vendor influence

Everything OWASP does should be free from undue influence of commercial interests. Input from vendors is fine, but OWASP should not produce anything that is clearly heavily biased or influenced by a vendor, and our conferences and chapter meetings should not have talks that are heavily biased to a particular vendor or are advertisements for that vendor's products or services.

Focused on application security

Everything OWASP does should be related to application security in some way, such as tools, documentation, processes, building community, education, etc. There is a W in OWASP that stands for Web, and I think that should be our primary focus, web security, but I don't think it should be exclusively web security.

Inclusive as possible

OWASP should work to include and accept as many members and projects as possible. We should serve as the incubator of projects from which many great things will emerge, and clearly some will not grow and thrive, but that's OK. This also includes being an international organization.